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CLAIMS 

1. A method of configuring a connectivity unit associated with a user for communication 
5 with a service entity aVoss a communications iiifrastructure, said connectivity unit having 

configuration communications parameters pre-installed therein prior to the user taking 
possession of the unit, said\riethod comprising: 

- a first phase in which the uW communicates with a configuration service and passes to 

the latter user-related information including an identity data item, said user-related 
1 0 information being placed in\ corresponding computer record of a data processing 

system of the configuration se 

- a second phase in which the conrfectrvittf unit initiates communication between itself and 

the data processing system ofrh^^dnflguration service across the communications 
infrastructure by using said preloadedNconfiguration communications parameters, the 

15 connectivity unit being identified to the (lata processing system by said identity data 

item being passed across the cornmunicatidns infrastructure to the data processing 
system, and the data processing system usingVsaid identity data item to access the 
related said computer record and thereafter transmit to the connectivity unit 
operational communications parameters for use bysthe connectivity unit for 

20 communicating with said service entity, said operational communication parameters 

being derived by said configuration service on the basisNpf the user-related information 
received in said first phase for the user concerned. 

2. A method according to claim 1, wherein the configuration service includes a call center, 
25 the user passing said user-related information to the configuration service during said first 

phase by communicating with the call center in one of the following ways: 
directly by telephone; 

directly by an electronic messaging system; 

indirectly through a third party who contacts the call center by telephone; 
30 - indirectly through a third party who contacts the call center by an electronic messaging 
system. 
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3. A meflK)d according to claim 1, wherein the said identity data item of the user-related 

informations an identity sequence specific to the connectivity unit. 

4. A method according to claim 3, wherein the second phase is automatically carried out 
upon the connectivity unit being powered up and connected to said communications 
infrastructure without the user having to input any data into the connectivity unit, the 
identity sequence of the connectivity unit being stored in a memory of the unit. 

5. A method according tC\ claim 3, wherein the pre-installed configuration communications 
parameters include a pubticWy / private-key cryptographic key pair with an identity- 
sequence certificate linking the public key to the identity sequence of the connectivity unit; 
the said second phase involving\an authentication process in which the identity-sequence 
certificate is passed by the connectivity unit to the data processing system which verifies the 
authenticity of the certificate and thus of the association between the public key and identity 
sequence in the certificate. \ 

6. A method according to claim 5, wheceiit thi authentication process further involves a 
cryptographic-based challenge-responseSnte\c^ange conducted between the connectivity 
unit and data processing system to confirm that the connectivity unit is the possessor of the 
private key related to the public key passed in th\ identity-sequence certificate whereby to 
authenticate the unit as the one bearing the identit\sequence included in the certificate. 

7. A method according to claim 1, wherein the communications infrastructure comprises a 
telephone network to which the user is a subscriber, the\onnectivity unit connecting to the 
communications infrastructure through the user's subscribers connection; said identity data 
item being the telephone number of the user. \ 

8. A method according to claim 7, wherein the second phase is automatically carried out 
upon the connectivity unit being powered up and connected to saiaVommunications 
irifrastructure without the user having to input any data into the connectivity unit, the 
telephone number of the user being provided to the data processing system in said second 
phase on the basis of caller-id signalling information generated in the telephone network 



when the connectivity unit mitiates communication with the data processing system at the 
start of the second phase. \ 

9. A method according to claim 1 ;Wherein said user-related information includes an 
5 identity sequence specific to the connectivity unit and the pre-installed configuration 

communications parameters held by theu;onnectivity unit include a public-key / private-key 
cryptographic key pair with an identity-sequence certificate linking the public key to the 
identity sequence of the connectivity unit; the said second phase involving an authentication 
process in which the identity-sequence certificate is passed by the connectivity unit to the 

1 0 data processing system which verifies the auttiemcity of the certificate and thus of the 
association between the public key and identity sequence in the certificate; and the 
operational communications parameters transmitted Vom the data processing system to the 
connectivity unit including a user-identity certificate linking the public key of the 
connectivity unit to a user-identity element which formsWrt of, or is derived from, said 

1 5 user-related information and which is held in the computerVecord associated with the user 
concerned, said user-identity certificate being subsequently used by the connectivity unit for 
authenticating itself to said service entity. \ 

10. A method according to claim 9, wherein said authentication process further involves a 
20 cryptographic-based challenge-response interchange conducted between the connectivity 

unit and data processing system to confirm that the connectivity unit is the possessor of the 
private key related to the public key passed in the identity-sequence certificate whereby to 
authenticate the unit as the one bearing the identity sequence included in the certificate. 

25 11. A method according claim 1, wherein the communications infrastructure comprises a 
data network to which the data processing system of the configuration service is connected, 
and an access network to which the user has a subscriber connection and which provides 
access to the data network through a data-network access point, the said second phase 
involving the following steps: 
30 (a) - the connectivity unit connects via the user's subscriber connection across the access 
network to the data-network access point using addressing information for the latter 
held as part of said configuration communication parameters; 
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the data-network access point authorises access by the connectivity unit to the data 
network on the basis of a usemame and password which are included in said 
configuration communications parameters and are passed to the access point by the 
connectivity unit, the data-network access point effecting this authorisation by using 
the services of an authorisation server of said data processing system; 
upon access being authorised in step (b), the data-network access point assigns an 
address for the connectivity unit on the data network and passes this address to the 
authorisation server which in turn passes it to a configuration manager of the data 
processing system; and 

the configuration manager prompted by the authorisation server in step (c) contacts the 
connectivity unit at the assigned address of the latter on the data network and 
downloads said operational communication parameters to the connectivity unit. 

12. A method according to claim 11, wherein the connectivity unit stores an identity 
15 sequence specific to the connectivity unit, this identity sequence being included in the user 
name passed to the authorisation server and being checked by the latter against a database of 
valid identity sequences, access to the data network only being authorised if the identity 
sequence included in the user name is a valid one. 

20 13. A method according to claim 11, wherein the connectivity unit stores an identity 

sequence specific to the connectivity unit and the authorisation server is associated with a 
configuration domain; the username passed by the connectivity unit to the data-network 
access point being of the form: 

identity sequence of connectivity unit @ configuration domain 

25 and the data-network access point recognising the configuration_domain as indicating the 
authorisation server to be used and thereupon contacting the latter over the data network and 
passing it the identity sequence contained in the username it received from the connectivity 
unit. 

30 14. A method according to claim 11, therein an identifier of the subscriber-connection on 
the access network is passed to the data-ifetwbrk access point in signalling information of 
the access network, this subscriber-coimW^folti identifier being passed on by the data- 
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network access poify to the authorisation server which in turn passes it to the configuration 
manager. 



15. A method according to claim 14, wherein said subscriber-connection identifier is stored 
5 by the configuration manager u^thexomputer record of the related user. 

16. A method according to claim 14,Nvherein said subscriber-connection identifier 
constitutes said identity data item and is^used, upon being received by the configuration 
manager from the authorisation server, to access the corresponding user computer record. 

10 

17. A method according claim 1, wherein the communications infrastructure comprises a 
data network to which the data processing system of the configuration service is connected, 
and an access network to which the user has a subscriber connection and which provides 
access to the data network through a data-network access point, the said second phase 

15 involving the following steps: 

(a) - the connectivity unit connects via the user's subscriber connection across the access 

network to the data-network access point using addressing information for the latter 
held as part of said configuration communication parameters; 

(b) - the data-network access point authorises access by the connectivity unit to the data 
20 network on the basis of a username and password which are included in said 

configuration communications parameters and are passed to the access point by the 
connectivity unit, the data-network access point effecting this authorisation by using 
the services of an authorisation server of said data processing system; 

(c) - upon access being authorised in step (b), the data-network access point assigns an 
25 address for the connectivity unit on the data network and passes this address to the 

connectivity unit; and 

(d) - the connectivity unit contacts the configuration manager over the data network at an 

address held by the connectivity unit as part of said configuration communication 
parameters, the configuration manager subsequently transmitting said operational 
30 communication parameters to the connectivity unit. 
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18. A method according to claim 17, wherein the connectivity unit stores an identity 
sequence specific to the connectivity unit, this identity sequence being included in the user 
name passed to the authorisation server and being checked by the latter against a database of 
valid identity sequences, access to the data network only being authorised if the identity 
5 sequence included in the user name is a valid one. 



19. A method according to claim 17, wherein the connectivity unit stores an identity 
sequence specific to the connectivity unit and the authorisation server is associated with a 
configuration domain; the username passed by the connectivity unit to the data-network 

10 access point being of the form: 

identity sequence of connectivity unit @ configurationdomain 
and the data-network access point recognising the configuration domain as indicating the 
authorisation server to be used and thereupon contacting the latter over the data network and 
passing it the identity sequence contained in the username it received from the connectivity 

15 unit. 

20. A method according to claimr^, wherein an identifier of the subscriber-connection on 
the access network is passed to the data\n^twprk access point in signalling information of 
the access network, this subscriber-conrrecwm identifier being passed on by the data- 

20 network access point to the authorisation servenwhich in turn passes it to the configuration 
manager. 



21. A method according to claim 1, further comprising a third phase in which at the end of 
said second phase the data processing system initiates the sending of a wake-up indication 
25 to the connectivity unit, the latter responding to receipt of this indication by seeking to 
connect across the communications infrastructure to the service entity using the said 
operational communications parameters passed to it during said second phase whereby to 
check that the connectivity unit has been correctly configured for communication with the 
service entity. 



30 
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22. A method according to ciWi 21, wherein said service entity facilitates the setting up of 
a communication connection over^he communications infrastructure between the 
connectivity unit and a selected end system, and wherein: 

(a) - in the course of said first phase, aiy^lecbpnic address book is created in the service 

system for said user using informatiojrorQvided by the user, entries in the address 
book corresponding to particular end systhms, and 

(b) - upon communication being established between the connectivity entity and the service 

entity during said third phase, the service entity^asses a copy of the electronic address 
book to the connectivity unit. 

23. A method according claim 21, wherein the communications infrastructure comprises a 
data network to which the data processing system of the configuration service is connected, 
and an access network to which the user has a subscriber connection and which provides 
access to the data network through a data-network access point; and wherein an identifier of 
the subscriber connection on said access network is stored in the computer record of the user 
and said wake-up indication takes the form of a call placed to said subscriber connection. 

24. A method according to claim 25^herein said subscriber-connection identity is entered 
into said computer record during said secWdphase, the subscriber-connection identifier 
being passed to the data-network access rainfcmi signalling information of the access 
network and then being forwarded to the data processing system of the configuration service 
for entry into said computer record. 

25. A method according to claim 1, including a further phase of reconfiguring the 
connectivity unit in which the configuration service transmitsio the connectivity unit across 
the communications infrastructure a new set of operational communications parameters 
which the connectivity unit thereafter uses when accessing the service entity, said further 
phase being initiated by the configuration service setting a reconfiguratipn indicator which 
the connectivity unit reads during subsequent communication with the sendee entity. 



26. A method according to claim 25, wherein said further phase is initiated by th 
configuration service selectively: 
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in af^active manner, by waking up the connectivity unit to cause it to communicate 
with the service entity; or 

in a passive manner, by waiting until the connectivity unit next connects to the service 
entity. 



10 



15 
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27. A method according claim 25, wherein: 

the communications infrastructure comprises a data network to which the data 
processing systen\of the configuration service is connected, and an access network to 
which the user has ^subscriber connection and which provides access to the data 
network through dataVietwork access points; 

said preloaded configuration communications parameters comprise parameters for 
accessing the data netwoHc through a first one of said data-network access points, and 
said operational communications parameters comprise parameters for accessing. said 
data network through a second one of said data-network access points, the 
connectivity unit using the first data-network access point for accessing the 
configuration service during sa^Secoh^ phase and the second data-network access 



point for subsequently accessi 
said reconfiguration indicator i 1 



25 



service entity; and 
^c^vely set by the configuration service to further 
indicate to the connectivity unit whffch of said first and second data-network access 
points is to be used for receiving the new operational communications parameters in 
said further phase, the connectivity unAon communicating with the service entity 
through the second data-network access noint and ascertaining from said 
reconfiguration indicator that the first dataWtwork access point is to be used to 
receive new operational parameters, thereafter connecting to the configuration service 
through that access. 
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28. A method according to claim 27, wherein use of tfffe first data-network access point is 
without charge to the user whereas use of the second data\network access point by the user 
is subject to a charge. 

29. A method according to claim 1, including a further phase of reconfiguring the 
connectivity unit in which the configuration service transmits toVhe connectivity unit across 



the communications infrastructure a new set of operational communications parameters 
which the connectivity uiiit\thereafter uses when accessing the service entity, said further 
phase being initiated by the connectivity unit contacting the configuration service. 

5 30. A method according claim 1, ^herein the communications infrastructure comprises a 
data network to which the data processiHg"system of the configuration service is connected, 
and an access network to which the usenhas a subscriber connection and which provides 
access to the data network through data-oefcMtork access points; said preloaded configuration 
communication parameters comprising data ibr accessing the data network through a first 
10 one of said data-network access points, and saidypperational communications parameters 
comprising data for accessing said data network through a second one of said data-network 
access points, the connectivity unit using said first data-network access point for accessing 
the configuration service during second phase and saiaWcond data-network access point for 
subsequently accessing said service entity. \ 
15 ^ 

31 . A configuration service system for configuring a connectivity unit for communication 
with a service entity across a communications infrastructure, said connectivity unit having 
configuration communications parameters pre-installed therein prior to a user taking 
possession of the unit, the configuration service system comprising: 
20 - a data processing system including a store for holding user-related information; 

a call center to which user-related information about a new user of a connectivity unit 
can be passed for entry into the data processing system for storage in said store; the 
user-related information including an identity data item; and 

interface means for interfacing the data processing system with the communications 
25 infrastructure whereby to enable communication between the data processing system 

and the connectivity unit of the new user; access to the data processing system through 

the interface means requiring knowledge of at least one said configuration 

communications parameter; 
the data processing system further including: 
30 - means for accessing the user-related information held in said store on the basis of a 

said identity data item received across the communications infrastructure during the 
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course of communication with a said connectivity unit, this identity data item serving 
to identify the connectivity unit to the data processing system; 
means for deriving for the connectivity unit of said new user, operational 
communication parameters on the basis of said user-related information; and 
5 - means for transmitting said operational communications parameters to the 

r connectivity unit operational for use by the latter for communicating with said service 

entity. 

32. A configuration service system according to claim 29, wherein the said identity data 
10 item is an identity sequence specificto the connectivity unit and the pre-installed 

configuration communications parameters include a public-key / private-key cryptographic 
key pair with an identity-sequence certin^ate4inking the public key to the identity sequence 
of the connectivity unit; the data processMg^svaiem having authentication means comprising 
means for verifying the authenticity of a said identity-sequence certificate passed by the 
1 5 connectivity unit to the data processing system whereby to verify the association between 
the public key and identity sequence in the certificate 

33. A configuration service system according to claim 29, wherein the authentication means 
further comprises means for effecting a cryptographic-based challenge-response interchange 

20 between the connectivity unit and data processing system whereby to confirm that the 

connectivity unit is the possessor of the private key related to the public key passed in the 
identity-sequence certificate and thereby authenticate the unit as the one bearing the identity 
sequence included in the certificate. 

25 34. A configuration service system accorHmg to claim 31, wherein said identity data item is 
a telephone number associated with the user^thedata processing system being arranged to 
receive this telephone number over the cornmumcations infrastructure as data extracted from 
signalling information of a telephone network to which the user is a subscriber. 
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35. A configuration service system according claim 31 intended for use with a 
communications infrastructure comprising a data network, and an access network to which 
the user has a subscriber connection and which provides access to the data network through 
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a data-network access point; the configuration service system having its interface means 
connected to the data network and further comprising an authorisation server for providing a 
logon authorisation service to said data-network access point in respect of connectivity units 
requesting access to the configuration service system through that access point. 

5 

36. A configuration service system according to claim 3 1 , further comprising means for 
sending a wakeup indication to said connectivity unit for causing the latter to contact said 
service entity, the data processing system after transmitting said operational 
communications parameters to the connectivity unit triggering the wakeup means to send a 
10 said wakeup indication to the connectivity unit after the latter has terminated its 
communication with the data processing system. 



37. A configuration service system according claim 36, wherein the communications 
infrastructure comprises a data network to which the interface means of the configuration 

15 service system is connected, and an access network to which the user has a subscriber 
connection and which provides access to the data network through a data-network access 
point; said user-related information held in said store including an identifier of the 
subscriber connection on said access network and said wake-up indication placed by the 
wakeup means taking the form of a call to said subscriber connection. 

20 

38. A connectivity unit for communicating with a service entity across a communications 
infrastructure, said connectivity unit comprising: 

a store holding configuration communications parameters including a public-key / 
private-key cryptographic key pair with an identity-sequence certificate linking the 

25 public key to an identity sequence specific to the connectivity unit; 

communication means for establishing communication across said communications 
infrastructure with a remote entity in accordance with communications parameters 
held in said store, the communications means including authentication means for 
authenticating the connectivity unit to the remote entity, the authentication means 

30 comprising means for passing a key certificate to the remote entity, and 

configuration initiation means for causing the communication means to establish 
communication across said communications infrastructure with a configuration service 
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by using said configuration communications parameters held in said store, the said 
key certificate used by the authentication means being the identity-sequence 
certificate; 

download means for downloading operational communications parameters from the 
5 configuration service and storing them in said store; and 

operational control means for causing the communication means to establish 
communication across said communications infrastructure with said service entity by 
using said operational communications parameters held in said store. 

10 39. A connectivity unit according to claim 38, wherein said authentications further 

comprises means for generating and returning a response to a challenge issued by the remote 
entity, the generation of the response involving the use of said private key to effect a 
cryptographic operation on data included in the challenge. 

15 40. A connectivity unit according to claim 38, wherein said configuration initiation means 
is responsive to the absence of valid operational communications parameters in said store 
upon the connectivity unit being powered up and connected to the communications 
infrastructure, to automatically trigger the communication means to establish 
communications with the configuration service without requiring the input of data by a user. 

20 

41. A connectivity unit according to claim 38, wherein the communication means is 
operative to establish communication across a communications infrastructure that comprises 
a data network, and an access network to which the user of the connectivity unit has a 
subscriber connection and which provides access to the data network through a data-network 

25 access point, access to the data network through said data-network access point being 

subject to a username/password authorisation process; said configuration communications 
parameters held in said store further including the access-network address of the data- 
network access point and a username and password for use in said authorisation process, 
said usemame including said identity sequence specific to the connectivity unit. 

30 

42. A connectivity unit according to claim 41, wherein the username included in said 
configuration communications parameters is of the form: 
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identity sequence of connectivity unit @ configurationdomain 
where the configuration_domain serves to indicate to the data-network access point an 
authorisation server to be used in the authorisation process. 

5 43. A connectivity unit according to claim 38, wherein the operational communications 
parameters include la user-identity certificate linking the said public key to the identity of a 
user associated with connectivity unit, the user-identity certificate being used as said key 

certificate by the authentication means for authenticating the connectivity unit to the service 

\ 1 
entity upon the operational control means causing the communication means to establish 

1 0 communication with the sendee entity. 

44. A connectivity unit for communicating with a service entity across a communications 
infrastructure, said connectivity unit comprising: 

a store holding an identity sequence specific to the connectivity unit and pre-installed 
15 configuration communications parameters; 

communication means for establishing communication across said communications 

infrastructure with a remote entity inNaccordance with communications parameters 

held in said store, 

configuration initiation means for causinVtfle communication means to establish 
20 communication across said communications mfrastructure with a configuration service 

by using said configuration conimunications Wrameters held in said store; 
identification means operative upon the communication means establishing 
communication with the configuration service, to\dentify the connectivity unit to the 
configuration service on the basis of said identity sequence specific to the connectivity 
25 unit; 

download means for downloading operational communications parameters from the 
configuration service and storing them in said store; and 
operational control means for causing the communication me v ans to establish 
communication across said communications infrastructure witli said service entity by 
30 using said operational communications parameters held in said store; 

the configuration initiation means being responsive to the absence of vahci operational 
communications parameters in said store upon the connectivity unit being powered up and 



connected to the communicatio: 
means to establish communica 
input of data by a user. 
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itructure, to automatically trigger the communication 
the configuration service without requiring the 



